NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0442 Microsoft Confirms Windows-WORD Attacks:
Microsoft warned of a critical vulnerability that affects users of WORD running on
Windows 2000, XP, and Server 2003 SP1 - several weeks after one security company first
reported an exploit and a day after a second vendor confirmed ongoing attacks. In an
advisory posted Friday, 21MAR08, Microsoft acknowledged "public reports of very limited,
targeted attacks" that exploit a bug in the Microsoft Jet Database Engine, a Windows
component that provides data access to applications including Microsoft ACCESS and
VISUAL BASIC. According to Symantec Corp., however, the attacks Microsoft described used
malicious WORD 2000, 2002, 2003, and 2007 documents, which in turn call up the vulnerable
Jet .dll. Microsoft said that users running WORD on machines powered by Windows VISTA
and Windows Server 2003 SP2 are not at risk because those operating systems include a
different version of Jet. Although Microsoft downplayed the threat, the company said
it currently has teams working to develop an update of appropriate quality for release
in its regularly scheduled bulletin process or as an out-of-band update, depending on
customer impact. Until a fix is available, Microsoft said users and IT administrators
could disable Jet or block .mdb files at the gateway. The next scheduled Microsoft patch
day is Tuesday, 08APR08.
(ComputerWorld 22MAR08)